Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-09-19 CVE-2024-47159 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
network
low complexity
jetbrains CWE-863
4.3
2024-09-19 CVE-2024-47160 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
network
low complexity
jetbrains CWE-863
5.3
2024-09-15 CVE-2024-46918 Incorrect Authorization vulnerability in Misp
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
network
low complexity
misp CWE-863
4.9
2024-09-12 CVE-2024-2743 Incorrect Authorization vulnerability in Gitlab
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.
network
low complexity
gitlab CWE-863
critical
9.1
2024-09-11 CVE-2024-8691 Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os
A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user.
network
low complexity
paloaltonetworks CWE-863
7.1
2024-09-11 CVE-2024-4465 Incorrect Authorization vulnerability in Nozominetworks CMC and Guardian
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration.
network
high complexity
nozominetworks CWE-863
5.0
2024-09-10 CVE-2024-42423 Incorrect Authorization vulnerability in Citrix Workspace 23.9.0.24.4
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin.
local
low complexity
citrix CWE-863
7.1
2024-09-10 CVE-2024-44114 Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network.
network
low complexity
sap CWE-863
2.7
2024-09-09 CVE-2024-8601 Incorrect Authorization vulnerability in Techexcel Back Office Software
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints.
network
low complexity
techexcel CWE-863
6.5
2024-09-04 CVE-2024-34642 Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.
low complexity
samsung CWE-863
4.6